1 /* |
1 /* |
2 * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
37 import sun.security.util.ObjectIdentifier; |
37 import sun.security.util.ObjectIdentifier; |
38 import sun.security.x509.InvalidityDateExtension; |
38 import sun.security.x509.InvalidityDateExtension; |
39 |
39 |
40 /** |
40 /** |
41 * An exception that indicates an X.509 certificate is revoked. A |
41 * An exception that indicates an X.509 certificate is revoked. A |
42 * <code>CertificateRevokedException</code> contains additional information |
42 * {@code CertificateRevokedException} contains additional information |
43 * about the revoked certificate, such as the date on which the |
43 * about the revoked certificate, such as the date on which the |
44 * certificate was revoked and the reason it was revoked. |
44 * certificate was revoked and the reason it was revoked. |
45 * |
45 * |
46 * @author Sean Mullan |
46 * @author Sean Mullan |
47 * @since 1.7 |
47 * @since 1.7 |
58 /** |
58 /** |
59 * @serial the revocation reason |
59 * @serial the revocation reason |
60 */ |
60 */ |
61 private final CRLReason reason; |
61 private final CRLReason reason; |
62 /** |
62 /** |
63 * @serial the <code>X500Principal</code> that represents the name of the |
63 * @serial the {@code X500Principal} that represents the name of the |
64 * authority that signed the certificate's revocation status information |
64 * authority that signed the certificate's revocation status information |
65 */ |
65 */ |
66 private final X500Principal authority; |
66 private final X500Principal authority; |
67 |
67 |
68 private transient Map<String, Extension> extensions; |
68 private transient Map<String, Extension> extensions; |
69 |
69 |
70 /** |
70 /** |
71 * Constructs a <code>CertificateRevokedException</code> with |
71 * Constructs a {@code CertificateRevokedException} with |
72 * the specified revocation date, reason code, authority name, and map |
72 * the specified revocation date, reason code, authority name, and map |
73 * of extensions. |
73 * of extensions. |
74 * |
74 * |
75 * @param revocationDate the date on which the certificate was revoked. The |
75 * @param revocationDate the date on which the certificate was revoked. The |
76 * date is copied to protect against subsequent modification. |
76 * date is copied to protect against subsequent modification. |
77 * @param reason the revocation reason |
77 * @param reason the revocation reason |
78 * @param extensions a map of X.509 Extensions. Each key is an OID String |
78 * @param extensions a map of X.509 Extensions. Each key is an OID String |
79 * that maps to the corresponding Extension. The map is copied to |
79 * that maps to the corresponding Extension. The map is copied to |
80 * prevent subsequent modification. |
80 * prevent subsequent modification. |
81 * @param authority the <code>X500Principal</code> that represents the name |
81 * @param authority the {@code X500Principal} that represents the name |
82 * of the authority that signed the certificate's revocation status |
82 * of the authority that signed the certificate's revocation status |
83 * information |
83 * information |
84 * @throws NullPointerException if <code>revocationDate</code>, |
84 * @throws NullPointerException if {@code revocationDate}, |
85 * <code>reason</code>, <code>authority</code>, or |
85 * {@code reason}, {@code authority}, or |
86 * <code>extensions</code> is <code>null</code> |
86 * {@code extensions} is {@code null} |
87 */ |
87 */ |
88 public CertificateRevokedException(Date revocationDate, CRLReason reason, |
88 public CertificateRevokedException(Date revocationDate, CRLReason reason, |
89 X500Principal authority, Map<String, Extension> extensions) { |
89 X500Principal authority, Map<String, Extension> extensions) { |
90 if (revocationDate == null || reason == null || authority == null || |
90 if (revocationDate == null || reason == null || authority == null || |
91 extensions == null) { |
91 extensions == null) { |
119 |
119 |
120 /** |
120 /** |
121 * Returns the name of the authority that signed the certificate's |
121 * Returns the name of the authority that signed the certificate's |
122 * revocation status information. |
122 * revocation status information. |
123 * |
123 * |
124 * @return the <code>X500Principal</code> that represents the name of the |
124 * @return the {@code X500Principal} that represents the name of the |
125 * authority that signed the certificate's revocation status information |
125 * authority that signed the certificate's revocation status information |
126 */ |
126 */ |
127 public X500Principal getAuthorityName() { |
127 public X500Principal getAuthorityName() { |
128 return authority; |
128 return authority; |
129 } |
129 } |
130 |
130 |
131 /** |
131 /** |
132 * Returns the invalidity date, as specifed in the Invalidity Date |
132 * Returns the invalidity date, as specifed in the Invalidity Date |
133 * extension of this <code>CertificateRevokedException</code>. The |
133 * extension of this {@code CertificateRevokedException}. The |
134 * invalidity date is the date on which it is known or suspected that the |
134 * invalidity date is the date on which it is known or suspected that the |
135 * private key was compromised or that the certificate otherwise became |
135 * private key was compromised or that the certificate otherwise became |
136 * invalid. This implementation calls <code>getExtensions()</code> and |
136 * invalid. This implementation calls {@code getExtensions()} and |
137 * checks the returned map for an entry for the Invalidity Date extension |
137 * checks the returned map for an entry for the Invalidity Date extension |
138 * OID ("2.5.29.24"). If found, it returns the invalidity date in the |
138 * OID ("2.5.29.24"). If found, it returns the invalidity date in the |
139 * extension; otherwise null. A new Date object is returned each time the |
139 * extension; otherwise null. A new Date object is returned each time the |
140 * method is invoked to protect against subsequent modification. |
140 * method is invoked to protect against subsequent modification. |
141 * |
141 * |
142 * @return the invalidity date, or <code>null</code> if not specified |
142 * @return the invalidity date, or {@code null} if not specified |
143 */ |
143 */ |
144 public Date getInvalidityDate() { |
144 public Date getInvalidityDate() { |
145 Extension ext = getExtensions().get("2.5.29.24"); |
145 Extension ext = getExtensions().get("2.5.29.24"); |
146 if (ext == null) { |
146 if (ext == null) { |
147 return null; |
147 return null; |
174 + reason + ", revocation date: " + revocationDate |
174 + reason + ", revocation date: " + revocationDate |
175 + ", authority: " + authority + ", extensions: " + extensions; |
175 + ", authority: " + authority + ", extensions: " + extensions; |
176 } |
176 } |
177 |
177 |
178 /** |
178 /** |
179 * Serialize this <code>CertificateRevokedException</code> instance. |
179 * Serialize this {@code CertificateRevokedException} instance. |
180 * |
180 * |
181 * @serialData the size of the extensions map (int), followed by all of |
181 * @serialData the size of the extensions map (int), followed by all of |
182 * the extensions in the map, in no particular order. For each extension, |
182 * the extensions in the map, in no particular order. For each extension, |
183 * the following data is emitted: the OID String (Object), the criticality |
183 * the following data is emitted: the OID String (Object), the criticality |
184 * flag (boolean), the length of the encoded extension value byte array |
184 * flag (boolean), the length of the encoded extension value byte array |
206 oos.write(extVal); |
206 oos.write(extVal); |
207 } |
207 } |
208 } |
208 } |
209 |
209 |
210 /** |
210 /** |
211 * Deserialize the <code>CertificateRevokedException</code> instance. |
211 * Deserialize the {@code CertificateRevokedException} instance. |
212 */ |
212 */ |
213 private void readObject(ObjectInputStream ois) |
213 private void readObject(ObjectInputStream ois) |
214 throws IOException, ClassNotFoundException { |
214 throws IOException, ClassNotFoundException { |
215 // Read in the non-transient fields |
215 // Read in the non-transient fields |
216 // (revocationDate, reason, authority) |
216 // (revocationDate, reason, authority) |